[dns-operations] Why roll the KSK? (was Sad news today: systemd-resolved to be deployed in Ubuntu 16.10)

Paul Vixie vixie at tisf.net
Tue Jun 7 07:52:23 UTC 2016

Stephane Bortzmeyer wrote:
> On Mon, Jun 06, 2016 at 03:06:22PM -0700,
>   David Conrad<drc at virtualized.org>  wrote
>   a message of 86 lines which said:
>> Out of curiosity, how is it different than http://keyroll.systems or
>> https://icksk.dnssek.info/fauxroot.html?
> Cool experiments. From what I see on their Web site, the big
> difference with Yeti is that the root, in these experiments, is
> entirely managed by one entity. Yeti has three masters and twenty-five
> servers, managed by different organisations
> <http://yeti-dns.org/operators.html>


>   But it is not a competition. The
> more different experiments, the better.

agreed, although we (i) should do more homework, so as to offer complete references.

P Vixie

More information about the dns-operations mailing list